deb_stretch_4.14.13_SD.img help

Mark_Whalley · October 1, 2018, 7:31pm

So this is where I got to:

Built an SD imaged with deb_stretch_4.14.13_SD.img
Booted fine
Used console to move RootFS to SSD and setup basic networking
Deployed a new kernel (4.14.71 - deployed new uImage and files to /lib/modules)
Rebooted and came up fine.
Updated (apt-et updat, upgrade, dist-upgrade)
Installed ufw and added OpenSSH to rules
On entering ufw enable I get:

root@bpi-r2:/# ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y ERROR: problem running ufw-init modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/4.14.71-bpi-r2-main iptables-restore: line 38 failed ip6tables-restore: line 138 failed ip6tables-restore: line 38 failed

Problem running '/etc/ufw/user.rules'
Problem running '/etc/ufw/before6.rules'
Problem running '/etc/ufw/user6.rules'

Any clues??

frank-w · October 1, 2018, 7:41pm

Seems to need nf_conntrack_netbios_ns

Try to add this option to config

Mark_Whalley · October 1, 2018, 7:51pm

Which config does this need adding to?

frank-w · October 1, 2018, 8:09pm

  │ Symbol: NF_CONNTRACK_NETBIOS_NS [=n]                                                                                                      │  
  │ Type  : tristate                                                                                                                          │  
  │ Prompt: NetBIOS name service protocol support                                                                                             │  
  │   Location:                                                                                                                               │  
  │     -> Networking support (NET [=y])                                                                                                      │  
  │       -> Networking options                                                                                                               │  
  │         -> Network packet filtering framework (Netfilter) (NETFILTER [=y])                                                                │  
  │ (2)       -> Core Netfilter Configuration                                                                                                 │  
  │   Defined at net/netfilter/Kconfig:250                                                                                                    │  
  │   Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && NF_CONNTRACK [=m]                                                                │  
  │   Selects: NF_CONNTRACK_BROADCAST [=n]

just add here:

github.com

frank-w/BPI-R2-4.14/blob/723a96f6eaf45451130c250e0bba73142995b837/arch/arm/configs/mt7623n_evb_fwu_defconfig#L155


CONFIG_NF_NAT_MASQUERADE_IPV6=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MATCH_RT=m


CONFIG_NETFILTER_SYNPROXY=m
CONFIG_IP_NF_TARGET_SYNPROXY=m
CONFIG_IP6_NF_TARGET_SYNPROXY=m


CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

the line

CONFIG_NF_CONNTRACK_NETBIOS_NS=m

run ./build.sh importconfig again and build.sh to recompile

Mark_Whalley · October 1, 2018, 11:42pm

Thanks, all done.

But I get other error with ufw, not got time to further look at this so have uninstalled ufw for now and will use iptables direct.

root@bpi-r2:/etc# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
ERROR: problem running ufw-init
ip6tables-restore: line 138 failed

Problem running '/etc/ufw/before6.rules'

frank-w · October 2, 2018, 7:23am

Try to look in ip6tables-restore: line 138

if there any modules missing to get ufw running, i can add them to my defconfig, but you have to say me them